“It seems that there is a potentially serious security flaw in the way that some banking, e-commerce and financial websites rely on third-party digital certificate portals for their security.

According to a weekend report in the New York Times, because the number of ‘certificate authorities’ has blossomed into the hundreds, it is becoming “increasingly difficult to trust” that sites are not using the certificates for nefarious purposes.

The New York Times says that the power to appoint certificate authorities has been delegated by browser makers like Microsoft, Mozilla, Google and Apple to various companies, including Verizon. “Those entities, in turn, have certified others, creating a proliferation of trusted ‘certificate authorities’ according to internet security researchers”, says the paper.

But the bad news, the electronic civil liberties organisation says, is that some of these organisations are in countries like Russia and China, which are suspected of engaging in widespread surveillance of their citizens.”

From InfoSecurity.com